Privacy Policy

This Privacy Policy applies to information CareRelay collects through our marketing site at carerelay.health, our facility dashboard, our caregiver-facing pages and SMS workflow, and any related services (collectively, the “Platform”). It does not apply to the internal practices of any Facility or to third-party websites we may link to.

We collect the following categories of information:

Identity and contact information. Legal name, preferred name, mailing address, email address, and mobile phone number for both caregivers and facility users.

Eligibility and credentialing information. For caregivers: date of birth, last four digits of Social Security number (where required for background checks), license type, license number, issuing state, expiration date, work eligibility documentation, and supporting credentials such as CPR or BLS certifications. For facility users: business role, facility name, facility license number, and authorized signatory information.

Background check results. Results of background checks performed by our third-party consumer reporting agency, including criminal records and applicable healthcare exclusion list checks, subject to the Fair Credit Reporting Act (“FCRA”).

Shift and work history. Shift offers received, accepted, declined, and missed; clock-in and clock-out times; shift completion status; pay rate; and Facility or caregiver feedback related to a shift.

Communications metadata. SMS delivery, open, and reply metadata for shift offers and assignment notifications, and email delivery metadata for transactional emails. We do not collect resident protected health information through these channels and instruct caregivers and Facilities not to include it.

Payment information. For caregivers, the bank account or payout details required to send per-shift payments. For Facilities, the billing contact and payment method on file. Card and bank credentials are handled by our payments processor; CareRelay does not store full account numbers on our servers.

Device and usage information. IP address, browser type, device type, pages viewed, referring URL, and timestamps. We use cookies and similar technologies for essential site functions and limited analytics.

We use the information described above to:

• Verify caregiver licenses, certifications, and work eligibility, including primary-source checks with state licensing bodies such as the Michigan Department of Licensing and Regulatory Affairs;
• Run background checks through a third-party consumer reporting agency, with caregiver authorization and FCRA-required disclosures;
• Match open shifts to eligible caregivers and dispatch shift offers by SMS;
• Confirm shift assignments, send pre-shift instructions, and track attendance;
• Process per-shift payments to caregivers and invoice Facilities for filled shifts;
• Operate, secure, troubleshoot, and improve the Platform;
• Communicate with you about your account, shifts, payments, and material changes to the Platform;
• Comply with our legal obligations, enforce our terms, and protect the safety and rights of caregivers, Facilities, residents, and CareRelay.

When a caregiver joins the CareRelay pool, they consent to receive shift offer and account-related SMS messages from CareRelay at the mobile number provided. Message and data rates may apply. Frequency varies based on shift availability. Reply STOP at any time to opt out of further shift dispatch SMS, or HELP for help. Opting out of dispatch SMS will pause shift offers but does not delete your account. Our SMS practices are intended to comply with the Telephone Consumer Protection Act (“TCPA”) and carrier requirements.

We share information only as needed to operate the Platform and as described below. We do not sell personal information.

Facilities. When a caregiver accepts a shift, we share with the assigning Facility the caregiver's name, role, license type and number, contact information, and arrival information needed to staff the shift.

Service providers. We use vetted third parties to operate parts of the Platform, including:

• SMS and notifications: Twilio (or a successor messaging provider) to deliver shift offer and account SMS;
• Background checks: Checkr, Sterling, or a comparable consumer reporting agency to perform FCRA-compliant background checks;
• License verification: Direct queries to the Michigan Department of Licensing and Regulatory Affairs and equivalent state licensing bodies;
• Payments: Stripe (or a successor payments processor) to handle facility invoicing and caregiver payouts;
• Hosting and infrastructure: Cloud hosting and database providers used to run the Platform;
• Analytics and error monitoring: Limited product analytics and error monitoring tools to keep the Platform reliable.

Legal and safety. We may share information when required by law, in response to a lawful request from a government authority, to enforce our agreements, or to protect the rights, safety, or property of caregivers, Facilities, residents, or CareRelay.

Business transfers. If CareRelay is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction subject to standard confidentiality protections.

CareRelay's shift dispatch workflow is not designed to receive or store resident protected health information (“PHI”). Caregivers and Facilities are instructed to keep resident PHI out of platform messages, notes, and forms. Where a Facility nonetheless requires CareRelay to act as a business associate under the Health Insurance Portability and Accountability Act (“HIPAA”), the parties will execute a separate Business Associate Agreement that controls in the event of any conflict with this Policy.

We retain information for as long as your account is active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, support audits, and enforce our agreements. Shift, payment, tax, and credentialing records are typically retained for at least seven (7) years after the last related shift to satisfy recordkeeping obligations. We may retain de-identified or aggregated data indefinitely.

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, audit logging, and least-privilege access for internal users. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur. If you believe your account has been compromised, contact us immediately.

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of certain personal information we hold about you, and to object to or restrict certain uses. You can exercise these rights by contacting us at the address in the “Contact” section below. We will verify your identity before completing your request and will respond within the time required by applicable law.

You may also: update your profile information directly in the Platform; opt out of shift dispatch SMS by replying STOP; close your account by emailing us. Closing your account does not delete records we are required to retain for legal or compliance reasons.

When CareRelay obtains a consumer report or investigative consumer report on a caregiver for verification purposes, we comply with the notice, authorization, and adverse-action requirements of the FCRA and applicable state laws. Caregivers who are the subject of an adverse decision based in whole or in part on a consumer report will receive the disclosures required by law and a reasonable opportunity to dispute the accuracy of the report with the consumer reporting agency.

The Platform is not directed to children under 18, and CareRelay does not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it.

We use a small number of cookies and similar technologies for essential functions such as authentication, security, load balancing, and remembering your preferences, and for limited analytics that help us understand how the Platform is used. You can control cookies through your browser settings, though disabling cookies may impair the functionality of the Platform.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, provide reasonable notice (for example, by email or in-platform notice). Your continued use of the Platform after the effective date of the updated policy constitutes acceptance of the updated policy.

Questions about this Privacy Policy or how we handle your information? Email privacy@carerelay.health or write to us at CareRelay, 250 E Tami Cir, Apt F103, Westland, MI.